Technical Field
The present disclosure generally relates to security tools, and more particularly to tools that identify the integrity of applications in a multi-tier architecture.
Description of the Related Art
Compact, feature-specific software applications, commonly referred to as “apps,” have become ubiquitous on a wide array of computing devices, including laptops, smart phones, tablets, televisions, and other devices, collectively referred to herein as user devices (UDs). Many of these applications have a multi-tier architecture, sometimes referred to as “n-tier architecture,” which is a client-server architecture that is separated into multiple tiers. For example, the application may be divided into three separate tiers: (i) a presentation tier, which is what a user sees; (ii) a logic tier (sometimes referred to as an application processing tier), which holds the business logic; and (iii) a data tier (sometimes referred to as a data management tier), which holds the data.
Such an architecture provides security at each tier, allows scalability, and is generally easier to maintain and modify. For example, different presentation tiers may be provided for the same application depending on the device platform (e.g., PC, tablet, smartphone, smart-watch, etc.), different business rules may be applied to different locations, and users may have access to different data. Common applications may include, but are not limited to, online auctions, webmail, instant messaging services, social media, and the like.
Traditional approaches for ensuring application integrity are typically related to digital signatures. While traditional approaches provide some protection, they may not provide any guarantee to servers that provide the logic tier and the data tier. A malicious version of an application can deceive a user into believing that they are interacting with a legitimate version of the application, thereby harvesting the user's personal information, such as credit card, social security number, salary information, date of birth, phone number, e-mail address, home address, etc.
A server may not be able to determine the integrity of the application being executed on the client. Consequently, a client may execute a malicious application without the server being able to identify the breach in security. It is with respect to these considerations and others that the present disclosure is written.